Action Group
Description
Action Groups are an automation feature that can be assigned to a monitoring check. They fire when that check generates an alarm.
Typically, action groups are used to determine who receives alert notifications when Netreo detects a problem. They also provide a way to instruct Netreo on the actions it should take automatically (if any) in response to that problem.
Details
Action groups are assigned to the Netreo checks monitoring your devices and applications. When a check fails, and an incident is created, any action groups assigned to the failing check tell the incident who should be alerted, when, and how—as well as what actions Netreo should take. Non-alert actions that Netreo can be instructed to take include rebooting a device, restarting a service or server, generating a service ticket using an external alerting API such as ServiceNow or OpsGenie, or broadcasting a message across your network using an SNMP trap.
The structure of action groups is somewhat complex, given their purpose. Action groups consist of three basic components:
- The action group itself.
- One or more actions that are contained within that action group.
- One or more methods that are contained within each action.
In short, action groups are groups of actions, and actions are groups of methods.
Components
Action Group
An action group is essentially a container for actions.
You may add any number of action groups to a check or to the host alert contact list of a device.
An action group has three attributes that enable it to function within Netreo.
- It is assignable to any Netreo monitoring check. An action group may also be chosen as a host alert contact for a device.
- It has a name. Action groups are chosen by their name, so each action group must be given a unique name.
- It has a configurable access level. In addition to being used automatically by incidents, action groups may also send alerts and perform actions when used manually by a user. The access level determines which users can manually use an action group.
Action groups that have their access level set to any option other than None will allow any user with the corresponding or higher access level to run the action group from within an incident that is using it. Setting the access level to None prevents the action group from being used manually under any circumstances.
Create an Action Group
Follow the steps below to create a new action group in Netreo, which can then be assigned to a monitoring check.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Select Add a Group.
- Enter a name for your new action group.
- Choose a manual use access level.
- Select Add Group.
- When you are prompted to add an action to the new group:
  - Enter a name for the new action.
  - Select Add Action.
- When you are prompted to add a method to the new action:
  - Choose the method type.
  - Configure the method as necessary.
    - The payloads for SNMP traps, webhooks, PowerShell, and SSH must not exceed 1,020 characters in length.
  - Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
  - Select Add Method.
- You are returned to the Actions Administration page.
Modify an Action Group
Once created, you may then:
- Upload the action group to a cloud library
- Add an action to the action group
- Edit the action group
- Delete the action group
by selecting the appropriate icon at the top right of the group's panel.
by selecting the appropriate icon in its ACTIONS column.
Action
An action is essentially a container for methods. It has no attributes other than a name and is purely for organizational purposes.
You may add any number of actions to an action group.
Create an Action
Follow the steps below to create a new action and add it to an action group.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Locate the action group to which you would like to add a new action.
- Select the action group's add action icon in the ACTIONS column.
- Enter a name for your new action.
- Select Add Action.
- You are returned to the Actions Administration page.
Modify an Action
Once created, you may then:
- Add a method to the action
- Edit the action
- Delete the action
by selecting the appropriate icon in its ACTIONS column.
Method
A method is the executable component of an action group. It sends alert notifications or communicates commands to your managed devices or external APIs. Without at least one method, your actions and action groups can do nothing.
There are many methods to choose from, but they all do basically the same thing—send a message to someone or something outside of Netreo.
The specifics of a given method may vary, but they all share two common attributes.
- Method type - This determines what function the method performs. Method types are explained further down.
- Notify hours - This is a preconfigured time frame, outside of which the method will not execute. Commonly used to ensure that a given method only (or never) executes during (or after) business hours.
You may add any number of methods to an action, in any combination. This enables you to create a range of multifunctional action groups that can be utilized for various purposes.
Method Types
The following method types are available.
- Email
  Sends an alert notification about an incident to a specified email address.
- SMS (via email)
  Sends an alert notification about an incident to a mobile device using the specified SMS email address.
- Mobile Notification
  Sends an alert notification about an incident to the Netreo mobile application using Netreo Cloud Services. These cloud-based alert notifications are sent from Netreo's cloud servers and are useful if your email systems are down along with your network. (This method is automatically added to all new actions by default, but can be removed if desired.)
- SNMP Trap
  Broadcasts an SNMP trap about an incident to devices configured to receive traps from Netreo.
- Webhook
  Sends commands to an external API such as a ticketing or alternative alerting system. See the note on webhooks in the Best Practices section below for important information about using webhooks.
- Active Response Webhook
  An active response version of Webhook. See the note on webhooks in the Best Practices section below for important information about using webhooks.
- Active Response Windows
  Sends PowerShell commands to Windows devices.
- Active Response SSH
  Sends SSH commands to non-Windows devices.
Commands incompatible with the device to which they are sent will simply be ignored by that device. Additionally, the methods in an action group are only run against the host device to which the failing check is assigned. This allows for the safe addition of multiple command-based methods to a single action group, which can then be assigned to various devices.
Method Execution and Active Response
Most method types send their message repeatedly on a schedule until the incident running them has been acknowledged, at which point they stop. If that incident is de-acknowledged, they will start running again. (The schedule on which methods are run is configured in the check to which their action group is assigned.)
However, this is not the case with active response methods. Active response methods execute only once, when an incident is first created and first uses an action group. They will never automatically execute again for the same incident, although they can be manually executed again by a user with an appropriate access level.
Create a Method
Follow the steps below to create a new method and add it to an action.
- Log in to Netreo as a user with the SuperAdmin access level.
- Go to the main menu and select Administration > Alerts > Actions to open the Actions Administration page.
- Locate the action group and action to which you would like to add a new method.
- Select the action's add method icon in the ACTIONS column.
- Choose the method type.
- Configure the method as necessary.
  - The payloads for SNMP traps, webhooks, PowerShell, and SSH must not exceed 1,020 characters in length.
  - If configuring an email address results in an error indicating that the address is in an incorrect format, try retyping the address manually or copy/paste without formatting (Shift-Ctrl-V in Windows), as non-printable, accented, or Unicode characters can cause problems.
- Choose a time frame for the notify hours (the time during which the method will be allowed to execute).
- Select Add Method.
- You are returned to the Actions Administration page.
Modify a Method
Once created, you may then:
- Edit the method
- Delete the method
by selecting the appropriate icon in its ACTIONS column.
Best Practices
Command Methods
Due to limitations in Netreo, only simple commands (such as restart) should be sent. If you wish to run complex commands, it’s better to write a script on the target device and then simply call the script through the appropriate command method.
When using PowerShell commands to restart Windows services or servers, it is imperative to use maintenance windows when conducting upgrades or during planned outages. Otherwise, Netreo will attempt to restart the services or systems when they appear to go down.
Netreo Incident Macros
When using the webhook, SNMP trap, and command methods, you may also include any of the built-in Netreo incident macros to access a wide variety of information about the associated incident or device.
A Note on Webhooks
Webhooks may include incident macros in their payload. As such, it can be difficult to estimate the volume of text characters included in any given payload. If the target of your webhook has a limit on characters in your payload (such as some Remedy/ITSM instances that use JWT token authentication to open tickets), it may cause the webhook to fail. If you think a webhook might be failing, you can check the Netreo debug log (Administration >> System >> Debug Log from the main menu). In the KEYWORDS field, enter "Netreo::IncidentManager" (without quotes), select the appliance or service engine managing the failing device, and click the Get Logs button. Look for a message similar to the following:
Oct 30 21:07:09 Netreo manual_alert: Netreo::IncidentManager Failed to send Auth Token for incident_id 16425. response_code : 400. response : [{"messageType":"ERROR","messageText":"Value does not fall within the limits specified for the field","messageAppendedText":"(Field ID and Name - HPD:IncidentInterface_Create <1000000000 : Description>, Maximum length - 100)","messageNumber":306}].
This message will specify which field in the webhook method is causing the issue (typically, it will be the payload) and provide the reason.
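As an added example (not Netreo code), the following Python sketch parses debug log entries like the one shown above and extracts, per failed webhook call, the incident ID, the HTTP response code, and each rejected field with its maximum length. The regular expressions assume that failure entries follow the layout of that single sample line; the function name and the second log entry are constructed for illustration.

```python
import json
import re

# First entry is the log line shown on this page; the second is constructed
# to show that unrelated entries are skipped.
SAMPLE_LOG = [
    'Oct 30 21:07:09 Netreo manual_alert: Netreo::IncidentManager Failed to send '
    'Auth Token for incident_id 16425. response_code : 400. response : '
    '[{"messageType":"ERROR","messageText":"Value does not fall within the '
    'limits specified for the field","messageAppendedText":"(Field ID and Name - '
    'HPD:IncidentInterface_Create <1000000000 : Description>, '
    'Maximum length - 100)","messageNumber":306}].',
    'Oct 30 21:07:10 Netreo poller: constructed entry, not a webhook failure',
]

# Assumption: failure entries follow the layout of the single sample above.
ENTRY_RE = re.compile(
    r'Netreo::IncidentManager (?P<what>.+?) for incident_id (?P<incident>\d+)\. '
    r'response_code : (?P<code>\d+)\. response : (?P<body>.*?)\.?\s*$'
)
# Assumption: the target names the field and its limit as in the sample response.
FIELD_RE = re.compile(r'<\d+ : (?P<name>[^>]+)>, Maximum length - (?P<max>\d+)')


def parse_webhook_failures(lines):
    """Return one dict per failed webhook call found in the debug log lines."""
    findings = []
    for line in lines:
        entry = ENTRY_RE.search(line)
        if entry is None:
            continue
        try:
            messages = json.loads(entry["body"])
        except json.JSONDecodeError:
            messages = []  # non-JSON response body: keep the failure, no field detail
        if not isinstance(messages, list):
            messages = [messages]
        limits = {}
        for msg in messages:
            appended = msg.get("messageAppendedText", "") if isinstance(msg, dict) else ""
            field = FIELD_RE.search(appended)
            if field:
                limits[field["name"]] = int(field["max"])
        findings.append({
            "incident_id": int(entry["incident"]),
            "response_code": int(entry["code"]),
            "field_limits": limits,
        })
    return findings
```

Calling `parse_webhook_failures(SAMPLE_LOG)` reports the `Description` field with a limit of 100 characters for incident 16425, which is the value to compare against the length of the payload after its incident macros have been expanded.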
If no messages of this type are currently present in the debug log, try manually running the action group containing the webhook method by following the steps below.
- Open the Incident View page for the incident containing the action group with the webhook you think is failing.
  - You can quickly navigate to a particular incident by entering its incident number in the global search field in the main menu bar. Enter the incident number and select "Find x in incidents."
  - On the search results page, click the view icon (magnifying glass) to open the Incident View page for the incident.
- At the top right of the Incident Detail panel, click the Manual Actions button.
- In the dialog that appears:
  - Select the action group to run.
  - Select whether to acknowledge this incident when running the action group.
  - Click the Execute Now button.
  - Note: Only action groups with an access level equal to or lower than the currently logged-in user's access level will appear in the list.
If the webhook fails, check the debug log as earlier, and look for the appropriate message to determine the nature of the failure.
Webhooks are limited to a maximum of 3 retries for each execution of a method (including manual execution). There is no delay between each retry. Any delays between retries are caused by server latency.